Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Bloodhound.Exploit.343

Started by WizMaster , May 19 2011 01:10 AM

This topic is locked

#16
WizMaster

Posted 04 June 2011 - 07:13 AM

Member

Topic Starter
Member
85 posts

Hello! Help!

I have done as instructed.

When I run combofix using the notepad, I have a bluescreen of death Which says

BAD_POOL_HEADER
Technical info
Stop: 0x00000019 ( 0x00000020, 0x85f9d4c8, 0x85f9d948,0x1890000b)

Afterwhich I reboot my computer and it says

File:\windows\system32\config\system
Status:0xc000014c
Window failed to load because the system registry file is missing or corrupt.

It wants me to insert a vista cd but I do not have 1.

Please help.
My computer cannot be runned now.

Edited by WizMaster, 04 June 2011 - 07:16 AM.

#17
michaelg9

Posted 04 June 2011 - 03:03 PM

Trusted Helper

Malware Removal
2,949 posts

Hello,

Can you find a Vista CD?

Have your computer turned off. Turn it on and start continuously pressing the F8 button.
You should get a black menu with some options.
Select Repair Your Computer
At the menu that will appear then, select StartUp Repair
It will try to fix any errors, follow all its prompts.
If that fails, restart your computer and press F8 again to get the boot menu. From there select Safe Mode and see if you can go anywhere.
If not, bring again the boot menu, and select Last Known Good Configuration. See if that goes anywhere.
If all fails, select Repair Your Computer option again, and use system restore option to restore your computer to an early working date.

Tell me your experiences with all that, if anyone succeeded and if you got any error anywhere :thumbsup:

#18
WizMaster

Posted 04 June 2011 - 11:00 PM

Member

Topic Starter
Member
85 posts

Any vista cd? Let's say I use acer but can I load up a fujitsu recovery cd for vista?

#19
michaelg9

Posted 05 June 2011 - 08:32 AM

Trusted Helper

Malware Removal
2,949 posts

No, I'm talking about a Vista installation CD. Like the one that you used to install the copy of windows you have, or the one that came when you bought the computer

#20
WizMaster

Posted 05 June 2011 - 09:48 AM

Member

Topic Starter
Member
85 posts

I don't have any. I tried asking around too but to no hope. Is there any other way out? I tried other options and could not access at all. Not even to last known good configuration.

Is there other ways, my laptop is important to me. All my project and assignments is inside:((

There wasn't any disc provided when I brought the laptop.
My laptop is acer aspire 4920

Edited by WizMaster, 05 June 2011 - 10:27 AM.

#21
michaelg9

Posted 05 June 2011 - 10:33 AM

Trusted Helper

Malware Removal
2,949 posts

Hello,
We can get your data back, but I'm just trying to make your computer operable again.

Were you able to access the "Repair Your Computer" option?

Please print these instruction out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

Download OTLPENet.exe to your desktop
Ensure that you have a blank CD in the drive
Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
Double-click on the OTLPE icon.
Select the Windows folder of the infected drive if it asks for a location
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Drag and drop this attached scan.txt into the Custom scans and fixes box
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system.
Right click the file and select send to : select the USB drive.
Confirm that it has copied to the USB drive by selecting it
You can backup any files that you wish from this OS
Please post the contents of the C:\OTL.txt file in your reply.

#22
WizMaster

Posted 05 June 2011 - 10:41 AM

Member

Topic Starter
Member
85 posts

I can't get any vista cd. Therefore there is no repair options. Is there any other solutions?

And even if I can get a vista it might not work as it is acer aspire window vista business oem.

Edited by WizMaster, 05 June 2011 - 12:04 PM.

#23
michaelg9

Posted 05 June 2011 - 01:47 PM

Trusted Helper

Malware Removal
2,949 posts

Hello,

I can't get any vista cd. Therefore there is no repair options. Is there any other solutions?

You don't need the Vista CD to get to repair options. Just do what the instructions say and tell me if you were able to boot into Repair Your Computer option.

If you can't boot into that option, then do as my previous post says

#24
WizMaster

Posted 05 June 2011 - 06:09 PM

Member

Topic Starter
Member
85 posts

When I f8 boot options these are the options available for
Me:

Safe mode
Safe mode with networking
Safe mode with command prompt

Enable boot logging
Enable low resolution video
Last known good configuration
Directory service restore mode
Debugging mode
Disable automatic restart on system failure
Disable driver signature enforcement

Start window normally

#25
michaelg9

Posted 06 June 2011 - 05:02 AM

Trusted Helper

Malware Removal
2,949 posts

Hello,
OK then, just do the OTLPE instructions in post#21

#26
WizMaster

Posted 06 June 2011 - 10:41 AM

Member

Topic Starter
Member
85 posts

hello!

Sorry but which folder should i choose?!

So i just choose my C drive and the error message writes target is not windows 2000 or later.

Thanks

But after which, i rebooted my comp and tried running windows in normal mode it worked.

I can access my laptop once again.

So what should i do next?

Edited by WizMaster, 06 June 2011 - 11:48 AM.

#27
michaelg9

Posted 06 June 2011 - 12:07 PM

Trusted Helper

Malware Removal
2,949 posts

Hello,
Nice

Let's avoid using ComboFix at the moment.

Check in C:\ drive if there is a text file named ComboFix.txt, and if there is, post its contents here

Next:
Open OTL, press the Quick Scan button and post the log it produces here

#28
WizMaster

Posted 06 June 2011 - 11:46 PM

Member

Topic Starter
Member
85 posts

Is this the one your're looking for?

2011-06-03 12:59:07 . 2011-06-03 12:59:07 914 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Funshion.reg.dat
2011-06-03 12:58:56 . 2011-06-03 12:58:56 302 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-AWinNotifyVitaKey MC3000.reg.dat
2011-06-03 12:58:50 . 2011-06-03 12:58:50 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NPSStartup.reg.dat
2011-06-03 12:58:49 . 2011-06-03 12:58:49 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-eRecoveryService.reg.dat
2011-06-03 12:58:49 . 2011-06-03 12:58:49 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-PLFSetL.reg.dat
2011-06-03 12:58:49 . 2011-06-03 12:58:49 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SetPanel.reg.dat
2011-06-03 12:58:49 . 2011-06-03 12:58:49 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat
2011-06-03 04:53:08 . 2011-06-03 04:53:08 44,336 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\59CDD6ED_6A9A_B933_AFF3_109F2644974F.swf.vir
2011-06-03 04:53:05 . 2011-06-03 04:53:08 224,823 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\B2AD7BB2_18B3_7D1B_5B96_5B436F9D7BCB.swf.vir
2011-06-02 02:47:11 . 2011-06-02 02:47:11 259,494 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\FA299F1A_9904_C753_9B6D_7AC3F2663354.swf.vir
2011-06-02 02:47:11 . 2011-06-02 02:47:11 120,578 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\95680CCD_205A_C9D9_EDAA_DA7192F5C3CE.swf.vir
2011-06-02 02:47:09 . 2011-06-03 09:27:15 3,232 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\update\flashParam.txt.vir
2011-06-01 14:29:19 . 2011-06-01 14:29:19 126,687 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\FC1623DD_A473_192B_FE9E_3C7CCCBD4799.swf.vir
2011-05-31 16:17:48 . 2011-05-31 16:17:48 177,442 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\693FE51B_3610_13F5_FA5C_B9D60472DEB0.date1307076789.swf.vir
2011-05-31 16:17:47 . 2011-05-31 16:17:48 201,648 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\4249D162_F51E_13C7_75A5_E2499CAA065C.swf.vir
2011-05-31 16:17:46 . 2011-05-31 16:17:47 33,989 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\16E5D77B_86BE_F63D_FA05_BEA1DCDCC006.date1307076789.swf.vir
2011-05-31 15:14:12 . 2011-05-31 15:14:12 7,883 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-05-31 15:06:51 . 2011-06-03 12:55:23 144 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-05-31 14:05:14 . 2011-05-31 14:05:14 13,604 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\historyTorrent\花花世界花家姐（国语版）-第1集.fsp.vir
2011-05-31 14:05:14 . 2011-06-03 12:50:17 1,236 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\control\1306850714_23811438_1305597882_360.dat.vir
2011-05-31 14:05:14 . 2011-05-31 14:05:14 13,604 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\control\1306850714_23811438_1305597882_360.fsp.vir
2011-05-31 12:15:22 . 2011-05-31 12:15:21 38,931 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\historyTorrent\前度-MP4.fsp.vir
2011-05-31 12:02:01 . 2011-05-31 12:02:01 111,036 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\69E3FDC8_EE85_245F_185D_1E112D29CDFE.date1306938559.swf.vir
2011-05-31 12:02:01 . 2011-05-31 12:02:01 119,363 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\84DBF53E_D681_ADD4_4CC6_F8E1EDB8DDE7.date1306938559.swf.vir
2011-05-31 12:01:56 . 2011-05-31 12:02:01 251,326 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\22AB450A_67FB_7034_B005_68D02AD158B0.swf.vir
2011-05-31 12:01:55 . 2011-05-31 12:01:56 808,228 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\4FB870E3_6A2A_AD04_0E3C_B29AC08D244A.flv.vir
2011-05-29 16:15:50 . 2011-05-29 16:16:29 719,351 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\BB79ADF3_C2BB_6B1C_D4DB_3B3B788C9D77.date1306731478.flv.vir
2011-05-29 16:15:43 . 2011-05-29 16:15:49 176,734 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\D0F9A3B9_8BEC_7D30_13B6_E61CEA6F2F7E.date1306843321.swf.vir
2011-05-29 16:15:33 . 2011-05-29 16:15:42 140,498 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\A6F48BA7_5022_151A_5DFB_697AD488D978.swf.vir
2011-05-29 16:15:23 . 2011-05-29 16:15:32 171,708 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\5DC8DB1F_9514_8B49_9423_B5200A7F639A.date1306938559.swf.vir
2011-05-27 13:50:29 . 2011-05-27 13:50:36 108,987 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\F511AD8D_3FA4_5095_932A_BE225B2DC91B.date1306685789.swf.vir
2011-05-27 03:24:17 . 2011-05-27 03:24:18 89,182 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\FA6301E2_6062_90F8_ADC0_DE03F70BF33F.date1306685789.swf.vir
2011-05-27 03:24:15 . 2011-05-27 03:24:17 130,027 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\8C630F53_D8D5_9038_DCF5_A2535B80C421.date1307076789.swf.vir
2011-05-27 03:24:09 . 2011-05-27 03:24:15 1,116,918 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\A15D237E_2034_8F86_BADE_5C6F73F19321.date1306843321.swf.vir
2011-05-27 03:24:05 . 2011-05-27 03:24:09 168,120 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\F7CF4BE2_0544_936A_AC0A_81D1EC9D2F68.date1306843321.swf.vir
2011-05-26 14:05:56 . 2011-05-26 14:05:59 33,989 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\4EC75E06_1CF2_6653_233B_DB5B33289591.date1306938559.swf.vir
2011-05-26 14:05:48 . 2011-05-26 14:05:56 109,104 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\51DEFD57_8076_EAD7_E781_0E00837FE39D.date1306504237.swf.vir
2011-05-26 14:05:43 . 2011-05-26 14:05:48 60,399 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\0A549C41_C5A1_B905_7F4C_ADE5472837E4.swf.vir
2011-05-26 14:05:40 . 2011-05-26 14:05:43 36,593 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\0582C6F8_3670_7D16_7B8E_A0AFA121608A.date1306685789.swf.vir
2011-05-23 16:52:30 . 2011-05-23 16:52:32 95,135 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\159EBDB8_A8E8_61AE_E265_F9DCE2E34E92.date1306466659.swf.vir
2011-05-23 16:52:26 . 2011-05-23 16:52:29 140,123 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\D53C1BF6_60B6_6655_F9E7_9D3C850192DA.date1306769760.swf.vir
2011-05-23 16:52:22 . 2011-05-23 16:52:26 271,998 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\EF512DBD_C49F_4F4D_4617_176841D3E079.date1306466658.swf.vir
2011-05-23 07:33:02 . 2011-05-23 07:33:04 82,722 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\CD6C30BC_187D_88EC_B292_97C93D341E11.date1306418759.swf.vir
2011-05-23 07:32:59 . 2011-05-23 07:33:02 193,054 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\202F3106_3D86_3E00_5B50_9D97A900BA03.date1306685789.swf.vir
2011-05-23 07:32:58 . 2011-05-23 07:32:59 98,172 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\35FD07A9_3462_FAB1_78F0_85C07123D022.date1307076789.swf.vir
2011-05-19 17:26:37 . 2011-05-19 17:26:36 22,779 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\historyTorrent\惊声尖笑3.fsp.vir
2011-05-19 15:31:44 . 2011-05-19 15:31:43 38,434 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\historyTorrent\女子大乱斗-MP4.fsp.vir
2011-05-19 12:27:17 . 2011-05-19 12:27:17 36,804 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\historyTorrent\食品公司-MP4.fsp.vir
2011-05-19 12:18:09 . 2011-05-19 12:18:08 29,202 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\historyTorrent\超级全能住宅改造王-20110517.fsp.vir
2011-05-18 17:09:30 . 2011-05-18 17:09:32 114,906 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\61510264_071F_A9C7_BD54_7A0509E6F48B.swf.vir
2011-05-18 17:09:29 . 2011-05-18 17:09:30 78,262 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\84DE0843_65AC_810E_365A_67EF5CC4F69E.date1306135985.swf.vir
2011-05-18 17:05:30 . 2011-05-19 17:26:38 1,591 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\control\1305738330_18524595_1303440033_657.dat.vir
2011-05-18 17:05:30 . 2011-05-18 17:05:29 41,644 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\control\1305738330_18524595_1303440033_657.fsp.vir
2011-05-18 04:06:54 . 2011-05-18 04:06:56 327,553 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\EDE2B6BE_33A9_139F_DE84_A9981770B2D5.date1306251237.swf.vir
2011-05-18 04:06:51 . 2011-05-18 04:06:54 443,201 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\6601537D_9AD3_AD5A_ABE1_21FDD3FA1126.date1306135985.swf.vir
2011-05-17 14:05:27 . 2011-05-17 14:05:32 91,343 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\27EEF950_63C1_F602_186E_72D88AB56360.date1306135985.swf.vir
2011-05-17 14:05:09 . 2011-05-17 14:05:26 255,711 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\CF6C9342_FFF5_1B58_405A_404728BB52EB.date1305785535.swf.vir
2011-05-17 14:05:05 . 2011-06-03 09:27:16 9,821 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\update\AdLinkParamFile.fax.vir
2011-05-15 13:06:01 . 2011-05-15 13:07:06 1,215,838 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\3BD9DA56_D8A5_D6CF_AFBC_C8812CB4CDEA.date1305691620.flv.vir
2011-05-14 11:53:13 . 2011-05-14 11:53:17 216,894 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\C355C0B8_4929_98D2_4E80_4FC7D20C6503.swf.vir
2011-05-14 11:53:12 . 2011-05-14 11:53:13 38,654 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\73991FD0_EBDA_D973_CB58_C5037DC4B9AF.date1306135985.swf.vir
2011-05-14 11:52:52 . 2011-05-14 11:53:12 304,878 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\6DA894EB_EBD3_FD6B_E80A_6A8B038F14B6.date1306135985.swf.vir
2011-05-14 11:52:49 . 2011-05-14 11:52:51 78,826 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\C476BF0C_8A8E_8439_868A_C6D569CF52DF.date1305641132.swf.vir
2011-05-13 15:34:46 . 2011-05-13 15:34:49 49,332 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\9B1F9DFE_2B01_A8CA_1A3E_0C0C37593E04.date1305641132.swf.vir
2011-05-13 07:09:06 . 2011-05-13 07:09:07 65,803 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\8355B1E5_1E71_38AB_19DB_B78D7CFEF3EF.date1305691619.swf.vir
2011-05-13 07:09:05 . 2011-05-13 07:09:06 114,973 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\D783F4F4_FF1D_DAC6_0EB8_5D59D968EC05.date1305464826.swf.vir
2011-05-13 07:09:01 . 2011-05-13 07:09:04 214,677 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\5399D719_1E56_BDBD_8B26_B87123013D57.date1305464827.swf.vir
2011-05-12 06:27:33 . 2011-05-12 06:27:40 455,541 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\577FBBE0_6B57_AE58_740B_4A351C6108DC.date1305691620.swf.vir
2011-05-12 06:27:32 . 2011-05-12 06:27:33 49,272 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\563DC959_EC3E_01FF_85EF_90F0C4AE9690.date1305270548.swf.vir
2011-05-11 12:49:19 . 2011-05-11 12:49:20 18,989 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\E474895D_8874_0B72_7937_D2B8D808F5B0.date1305181660.swf.vir
2011-05-11 12:49:12 . 2011-05-11 12:49:18 155,447 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\5063A532_ED17_A8EA_443D_DBB695E989FF.date1305785536.swf.vir
2011-05-10 11:41:29 . 2011-05-10 11:41:32 101,754 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\92D1921F_0618_6F08_780A_2074764E9922.date1305270547.swf.vir
2011-05-10 11:41:18 . 2011-05-10 11:41:29 540,024 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\C3691D3A_C235_9FF9_4ABB_D967D0EFC0B5.date1305270547.swf.vir
2011-05-10 11:41:14 . 2011-05-10 11:41:17 45,671 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\AC9795F4_46BA_4DA7_4C98_69B0EAF029B6.date1305300891.swf.vir
2011-05-10 11:41:12 . 2011-05-10 11:41:14 64,239 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\A0EE6889_0A7E_429B_03EB_775619512F74.date1305373998.swf.vir
2011-05-08 06:20:35 . 2011-05-08 06:20:37 84,317 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\1E035502_89DA_3C1B_2E7D_39CAB9FB7307.date1305374000.swf.vir
2011-05-07 11:48:25 . 2011-05-07 11:48:33 152,738 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\2E05AED6_1584_56EA_EA08_A175ADDC80E0.date1305027701.swf.vir
2011-05-07 11:48:21 . 2011-05-07 11:48:25 133,209 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\19037F00_64B6_855B_BCB5_DE37F6538F97.date1305374000.swf.vir
2011-05-07 11:48:18 . 2011-05-07 11:48:20 94,670 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\FC767A9D_B93B_3953_E9DB_30B908B0BB14.date1304835637.swf.vir
2011-05-07 11:48:09 . 2011-05-07 11:48:17 370,322 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\B310E90C_4A27_6DDB_840E_37F9B336B7F2.date1304940057.swf.vir
2011-05-06 06:50:48 . 2011-05-06 06:50:49 58,490 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\CF84D5C3_15F6_7F06_A9BE_8AE64D0E45A1.date1304921411.swf.vir
2011-05-06 06:50:47 . 2011-05-06 06:50:48 51,428 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\B67FB7F0_E565_8503_A3A8_5941771E9BE6.date1305181660.swf.vir
2011-05-06 06:50:46 . 2011-05-06 06:50:47 192,735 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\A39FA084_0D47_1C6D_BFF1_4A2D9BC5ADA1.date1304835638.swf.vir
2011-05-06 06:50:40 . 2011-05-06 06:50:46 1,009,416 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\E22429AA_7F06_CD23_5C26_E0A5DB396642.date1305738572.flv.vir
2011-05-05 06:30:01 . 2011-05-05 06:30:04 180,925 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\48FAC2B0_8DC0_C6E9_CC75_ABC16264C818.date1305641132.swf.vir
2011-05-05 06:30:00 . 2011-05-05 06:30:01 69,918 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\7820E516_40C7_18C6_08DF_6196E516F666.date1304768913.swf.vir
2011-05-04 12:25:46 . 2011-05-04 12:26:48 2,026,347 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\BF942CB3_C527_1146_78F8_8F22B38A04AC.date1305181660.flv.vir
2011-05-04 12:25:36 . 2011-05-04 12:25:46 255,319 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\5F0875AC_463A_DCD4_C54E_D8BD9C112F4A.swf.vir
2011-05-04 12:25:29 . 2011-05-04 12:25:36 179,415 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\EA9D1E83_D793_E233_B57D_633299A825C0.date1304768913.swf.vir
2011-05-04 12:25:26 . 2011-05-04 12:25:29 64,297 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\2D4F5764_0B7A_46CC_F442_AF5021DCD227.date1304664649.swf.vir
2011-05-04 12:25:22 . 2011-05-04 12:25:25 51,180 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\689833AB_668C_A2E7_DA4C_365D90069F9A.date1305181660.swf.vir
2011-05-03 06:30:17 . 2011-05-03 06:30:17 92,739 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\69C3B9E1_1F9D_7DF3_AA96_1F17C510B7CF.date1307076789.swf.vir
2011-05-02 14:55:13 . 2011-05-02 14:55:24 206,521 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\0592F407_3D4C_CAF9_54B8_9DF51E45793C.date1304577004.swf.vir
2011-05-01 06:50:24 . 2011-05-01 06:50:26 48,111 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\F8EA1151_8CA4_59A5_CB11_C38BD9EE26C9.date1304512008.swf.vir
2011-05-01 06:50:19 . 2011-05-01 06:50:23 255,176 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\F2D9789A_7515_8793_A350_98C47E71C444.date1304512008.swf.vir
2011-04-30 10:08:43 . 2011-04-30 10:08:46 237,127 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\D8E7BC85_854F_8755_A36B_79EBA2A99612.date1304768913.swf.vir
2011-04-30 10:08:39 . 2011-04-30 10:08:43 170,081 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\F5FF9A31_84E9_F8B5_FB10_8A623B7F4EBB.swf.vir
2011-04-30 10:08:35 . 2011-04-30 10:08:39 253,958 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\E3C61CF8_E5DB_8244_0413_DA5351D8F69D.date1304512008.swf.vir
2011-04-27 06:13:51 . 2011-04-27 06:13:52 60,432 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\75DE27E8_D33F_DC61_A715_B944BAE4B2DD.date1306418759.swf.vir
2011-04-27 06:13:42 . 2011-04-27 06:13:43 104,273 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\6625E401_5223_60DD_1D48_CF4F2AF4BFC9.date1305785535.swf.vir
2011-04-27 06:13:40 . 2011-04-27 06:13:41 67,604 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\DB333118_CF35_10FA_B579_FC5EA733989B.date1306251237.swf.vir
2011-04-27 06:13:31 . 2011-04-27 06:13:38 1,569,796 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\09BFA07C_9C47_2C78_6F3B_F03378EC4CB6.date1306938559.flv.vir
2011-04-13 15:08:55 . 2011-04-13 15:09:09 493,881 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\7936CDC1_21E8_D648_23EB_10089FDF258A.date1304512008.swf.vir
2011-04-12 10:59:26 . 2011-04-12 10:59:26 11,470 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\A984887B_4B95_6C06_5507_9C417174458B.date1304664649.swf.vir
2011-04-08 11:57:47 . 2011-04-08 11:57:53 36,887 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashStamp\4A09DE59_E6C7_9C1C_A734_78161EFFB51C.swf.vir
2011-04-08 10:24:17 . 2011-04-08 10:24:17 43 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashStamp\blank.gif.vir
2011-04-06 12:16:25 . 2011-04-06 12:16:31 122,726 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flashNew\066BFA23_9783_739F_2459_BA891EA66D34.date1304768914.swf.vir
2011-03-05 05:43:51 . 2011-06-03 09:27:18 4,643 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\flash\980EF71B_C41B_511C_2591_1C44D72C2CEC.swf.vir
2011-03-02 13:51:49 . 2011-05-19 18:52:50 1,327 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\control\1299073909_18277256_1288606676_212.dat.vir
2011-03-02 13:51:49 . 2011-03-02 13:51:49 20,489 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\control\1299073909_18277256_1288606676_212.fsp.vir
2011-02-27 16:50:39 . 2011-02-27 16:50:39 11,428 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\Seed\19716789_1298100912_966.fsp.vir
2011-02-26 16:26:59 . 2011-02-26 16:26:59 13,468 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\Seed\18277256_1297853049_836.fsp.vir
2011-02-06 06:54:02 . 2011-05-31 12:27:04 0 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\update\localad.fax.vir
2011-02-06 06:26:53 . 2011-06-03 09:27:15 26,201 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\update\ad_define.fai.vir
2011-02-05 16:57:38 . 2011-06-03 09:27:17 3,565 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\update\ad_material.fax.vir
2011-02-05 16:57:23 . 2011-06-03 04:52:54 50,203 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\ini\httpfile.ini.vir
2011-02-05 16:57:17 . 2011-02-05 19:03:59 1,623 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\funshion.ini.vir
2011-02-05 16:57:17 . 2011-02-05 16:57:19 18 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\FunshionService.diagnose.vir
2011-02-05 16:57:08 . 2011-04-28 14:25:55 833 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\S10061269_info.ini.vir
2011-02-05 16:56:48 . 2011-02-05 16:56:48 99 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\install.ini.vir
2011-02-05 16:56:47 . 2011-02-05 16:56:47 253,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\Uninstall.exe.vir
2010-11-01 08:20:22 . 2010-11-01 08:20:22 140,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\fpsrv.dll.vir
2010-11-01 08:20:22 . 2010-11-01 08:20:22 230,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\fptassrv.dll.vir
2010-11-01 08:20:00 . 2010-11-01 08:20:00 926,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe.vir
2010-11-01 08:19:14 . 2010-11-01 08:19:14 111,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\LangResEnAmerican.dll.vir
2010-11-01 08:19:02 . 2010-11-01 08:19:02 172,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\RouterSetting.dll.vir
2010-11-01 08:19:00 . 2010-11-01 08:19:00 180,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\CrashReport.exe.vir
2010-11-01 08:19:00 . 2010-11-01 08:19:00 2,454,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\Funshion.exe.vir
2010-11-01 08:16:58 . 2010-11-01 08:16:58 4,018,928 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\funshionplugin2.dll.vir
2010-11-01 08:14:28 . 2010-11-01 08:14:28 1,209,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\FunshionService.exe.vir
2010-11-01 08:12:06 . 2010-11-01 08:12:06 291,568 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\quality.dll.vir
2010-11-01 08:11:52 . 2010-11-01 08:11:52 176,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\upnp.dll.vir
2010-11-01 08:11:46 . 2010-11-01 08:11:46 189,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\GetMACAddress.dll.vir
2010-11-01 08:11:38 . 2010-11-01 08:11:38 193,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\Dump.dll.vir
2010-11-01 08:11:20 . 2010-11-01 08:11:20 70,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\Encrypt.dll.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 25,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\Funshion-install.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 26,694 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\FunshionGame2.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,150 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\Funshop2.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,136 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\nicdescr.dat.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 278,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\pncrt.dll.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 6,656 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\pndx5016.dll.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\pndx5032.dll.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 185,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\rmoc3260.dll.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\0.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 558 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\1.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\2.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\3.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\4.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\5.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\6.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\7.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\8.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 702 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\9.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\Buffering.gif.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,158 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,158 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 13,014 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 14,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 19,962 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionMenuF.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 29,538 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionMenuFEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,158 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionMinBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,158 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,068 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionText.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,068 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CaptionTextEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,342 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ChangeModeBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 450 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CheckBox_Box.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\CheckBox_Check.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 950 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\DiskWarnning.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,254 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\DragCorner.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,606 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\HidePlayInfoBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 142 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IErrorReshBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 11,958 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IErrorWarning.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 79,002 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IErrorWndBk.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 17,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarBack.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 17,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 174 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 17,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarForward.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 23,142 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 17,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 25,950 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 17,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 22,206 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 77,790 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\IntergrateModeBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 486 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\L.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\OptionText.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\OptionTextEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,134 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\p.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 42,534 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PauseFlickerBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 654 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarSplidRgn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 5,602 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 5,602 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,462 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRightSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,462 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,522 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,082 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumbSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 174 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,934 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 894 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,510 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,166 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMuteSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,070 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNextSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,510 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNonTop.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,510 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,070 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPauseSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,070 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlaySmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,070 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPreSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,510 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSimple.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 10,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,510 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnTop.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 7,554 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,770 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolumeSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 20,022 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerHideBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,522 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 41,826 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayFlickerBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 150 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,614 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 342 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 798 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 154 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,942 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayListAddBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,942 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayListRemove.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 78 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayListVerSplid.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 78 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlayListVerSplidMark.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 126 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBeforeSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 126 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 110 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgndSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 126 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownloadSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 310 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 198 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHeadSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,522 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,782 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumbSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 310 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 198 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrailSmall.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 486 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\R.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 486 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\RadioBtnBox.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 246 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\RadioBtnPt.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 11,966 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\RpcLoading.gif.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 92,258 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,718 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,458 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrowL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,718 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,458 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrowL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 98 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 90 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerBkgndL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 182 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 162 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgndL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 566 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 810 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHeadL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 182 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 162 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMidL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 694 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 810 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrailL.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 146 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,094 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,662 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\SettingDlgIcon.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,606 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\ShowPlayInfoBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 70 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 634 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\SplidBarMark.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 218 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 234 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\StatusBarLeft.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,934 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\StatusBarRight.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 234 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\StatusBarSplid.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 77,790 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TabModeBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 6,054 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskBarBtnIcon.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 7,866 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 306 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\taskdown.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskListBtnHide.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskListBtnShow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskListStatIcons.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 4,158 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,654 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 226 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 77,250 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 24,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnBarList.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 5,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 11,226 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 182 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 726 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 678 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\taskpause.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\taskplaying.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\taskstop.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 238 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskText.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 6,788 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskTextEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 222 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,894 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 22,230 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,894 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 28,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,894 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarPlay.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,894 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 21,174 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 15,896 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarStop.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 22,230 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\taskupload.ico.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 58 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TextBtnBk.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 246 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TipBottomArrow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 222 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TipRightArrow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 306 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\TipTopArrow.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 234 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateBtmBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 19,554 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateBtmCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 19,554 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateBtmIgoreBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 19,554 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateBtmUpdateBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 190 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateCapBkgnd.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 3,522 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateCapCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 1,062 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateCaption.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 354 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateIconFail.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 354 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateIconInit.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 354 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\UpdateIconSuc.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 7,566 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\vodPlay.gif.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 6,505 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\vodPlayEn.gif.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 7,608 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\vodWeb.gif.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 7,833 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\vodWebEn.gif.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 8,754 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\WebCloseBtn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 2,134 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\WebCloseBtnRgn.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 918 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\skin\x.bmp.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 80 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\Cacheflash\blankFs.swf.vir
2010-11-01 08:10:58 . 2010-11-01 08:10:58 114,450 ----a-w- C:\Qoobox\Quarantine\C\Users\acer\funshion\cache\Cacheflash\donghuanew_18.swf.vir
2010-11-01 08:10:56 . 2010-11-01 08:10:56 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\cook.dll.vir
2010-11-01 08:10:56 . 2010-11-01 08:10:56 606,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\CoreAAC.ax.vir
2010-11-01 08:10:56 . 2010-11-01 08:10:56 271,872 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\coreavc.ax.vir
2010-11-01 08:10:56 . 2010-11-01 08:10:56 1,045,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\dbghelp.dll.vir
2010-11-01 08:10:56 . 2010-11-01 08:10:56 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Funshion Online\Funshion\drvc.dll.vir
-------------------------

OTL log

OTL logfile created on: 7/6/2011 1:42:48 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\acer\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.94 Gb Total Space | 58.34 Gb Free Space | 44.22% Space Free | Partition Type: NTFS
Drive D: | 88.17 Gb Total Space | 77.56 Gb Free Space | 87.96% Space Free | Partition Type: NTFS

Computer Name: S10061269 | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 03:20:37 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/05/03 14:43:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
PRC - [2011/03/05 13:43:28 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\ppstream\PPSAP.exe
PRC - [2009/10/17 10:56:18 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\acer\Program Files\DNA\btdna.exe
PRC - [2009/05/13 10:22:18 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/05/11 10:04:34 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/02/18 11:06:49 | 001,282,048 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2009/02/18 11:05:13 | 000,163,840 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/12 14:01:56 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/09/12 14:01:56 | 000,993,792 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciBrowser.exe
PRC - [2008/05/22 18:55:52 | 001,001,472 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SmartFix\McciTrayApp.exe
PRC - [2008/04/22 14:14:20 | 000,802,816 | R--- | M] (Honeywell International Inc.) -- C:\Program Files\Common Files\Honeywell\SimStation\SimStation.exe
PRC - [2007/12/17 11:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 10:23:02 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/12/06 01:25:58 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/10/30 18:45:48 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/10/19 16:15:50 | 000,842,248 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/09/07 11:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/04/25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2007/02/09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/01/19 19:51:16 | 000,711,472 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/02 17:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2005/03/23 16:12:30 | 003,604,480 | R--- | M] (AspenTech) -- C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe

========== Modules (SafeList) ==========

MOD - [2011/05/03 14:43:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
MOD - [2006/11/02 17:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (bgsvcgen)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/23 00:39:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/11 10:04:34 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/02/18 11:06:49 | 001,282,048 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2008/04/22 14:14:20 | 000,802,816 | R--- | M] (Honeywell International Inc.) [Auto | Running] -- C:\Program Files\Common Files\Honeywell\SimStation\SimStation.exe -- (SimStation)
SRV - [2008/04/11 14:51:46 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/10 10:23:02 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/30 18:45:48 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/07/31 09:52:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/03/22 15:51:33 | 000,900,248 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011/06/07 13:33:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67F010B4-2A20-474F-82C2-B5213CDD136A}\MpKsl9324bbea.sys -- (MpKsl9324bbea)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 15:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/06/02 21:06:10 | 000,026,056 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/30 16:15:36 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\mremp50.sys -- (MREMP50)
DRV - [2008/01/30 16:15:36 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\mresp50.sys -- (MRESP50)
DRV - [2007/11/30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/10/31 10:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/12 10:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/03/09 12:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/31 17:10:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007/01/31 17:10:10 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007/01/31 17:10:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch_sb =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_sb =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/31 02:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/20 00:21:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 12:03:46 | 000,000,000 | ---D | M]

[2008/12/18 23:22:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2010/07/20 20:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\8w1vck4n.default\extensions
[2010/07/10 01:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\8w1vck4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 00:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 00:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/07 01:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ACER\PROGRAM FILES\DNA
[2008/01/08 08:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/07 03:19:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [aspenONE Toolbar] C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe (AspenTech)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [singtelRV_McciTrayApp] C:\Program Files\SmartFix\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\acer\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PPS Accelerator] D:\ppstream\PPSAP.exe (PPStream Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/23 00:23:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 03:20:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/07 01:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/04 20:52:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/04 20:45:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/04 20:44:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/04 20:32:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/31 23:18:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/31 23:07:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/31 23:07:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/31 23:07:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/31 23:07:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/31 23:06:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/31 23:06:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/30 01:45:05 | 004,112,369 | R--- | C] (Swearware) -- C:\Users\acer\Desktop\ComboFix.exe
[2011/05/19 14:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/12 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Unity
[2008/03/04 12:25:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2008/03/04 11:42:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008/02/28 10:37:49 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008/02/28 10:30:23 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/07/31 08:59:43 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

========== Files - Modified Within 30 Days ==========

[2011/06/07 13:41:04 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/07 13:41:04 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/07 13:33:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 13:33:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 13:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 03:19:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/07 03:19:32 | 412,777,075 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/07 01:50:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/07 01:44:34 | 000,016,896 | ---- | M] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/04 20:44:41 | 004,112,369 | R--- | M] (Swearware) -- C:\Users\acer\Desktop\ComboFix.exe
[2011/06/04 20:24:43 | 000,132,597 | ---- | M] () -- C:\Users\acer\Desktop\Flash_Disinfector.exe
[2011/06/04 20:16:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2536221580-2695972253-4106603175-1003UA.job
[2011/06/04 00:33:23 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2536221580-2695972253-4106603175-1003Core.job
[2011/06/03 18:29:48 | 000,015,360 | -H-- | M] () -- C:\Users\acer\Desktop\photothumb.db
[2011/05/30 13:58:25 | 003,041,555 | ---- | M] () -- C:\Users\acer\Desktop\DSC04257.JPG
[2011/05/30 13:31:36 | 000,076,636 | ---- | M] () -- C:\Users\acer\Desktop\VEL draft 1.jpg
[2011/05/30 01:04:22 | 000,000,160 | ---- | M] () -- C:\Users\acer\Desktop\Inspirational Birthday Messages.url
[2011/05/20 01:55:10 | 000,072,260 | ---- | M] () -- C:\Users\acer\Desktop\voucher_CRI985U6C9.pdf
[2011/05/20 01:29:46 | 000,097,146 | ---- | M] () -- C:\Users\acer\Desktop\Suntze Art of war.pdf
[2011/05/19 14:52:56 | 001,834,496 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/13 15:23:53 | 000,000,188 | ---- | M] () -- C:\Users\acer\Desktop\The Little Teochew Singapore Homecooking.url
[2011/05/13 15:20:01 | 000,000,225 | ---- | M] () -- C:\Users\acer\Desktop\Baking Mum Steamed Moist Chocolate Cake.url

========== Files Created - No Company Name ==========

[2011/06/07 03:18:37 | 412,777,075 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/07 01:50:46 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/07 01:50:32 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/04 20:24:43 | 000,132,597 | ---- | C] () -- C:\Users\acer\Desktop\Flash_Disinfector.exe
[2011/05/31 23:07:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/31 23:07:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/31 23:07:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/31 23:07:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/31 23:07:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/30 13:56:43 | 003,041,555 | ---- | C] () -- C:\Users\acer\Desktop\DSC04257.JPG
[2011/05/30 13:31:36 | 000,076,636 | ---- | C] () -- C:\Users\acer\Desktop\VEL draft 1.jpg
[2011/05/30 01:04:22 | 000,000,160 | ---- | C] () -- C:\Users\acer\Desktop\Inspirational Birthday Messages.url
[2011/05/20 01:55:09 | 000,072,260 | ---- | C] () -- C:\Users\acer\Desktop\voucher_CRI985U6C9.pdf
[2011/05/20 01:29:46 | 000,097,146 | ---- | C] () -- C:\Users\acer\Desktop\Suntze Art of war.pdf
[2011/05/19 14:52:27 | 001,834,496 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/10 23:38:59 | 000,000,225 | ---- | C] () -- C:\Users\acer\Desktop\Baking Mum Steamed Moist Chocolate Cake.url
[2011/05/10 23:38:51 | 000,000,188 | ---- | C] () -- C:\Users\acer\Desktop\The Little Teochew Singapore Homecooking.url
[2010/11/09 16:46:52 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/09/21 14:48:17 | 000,004,096 | -H-- | C] () -- C:\Users\acer\AppData\Local\keyfile3.drm
[2009/12/09 22:39:40 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/12/09 22:39:40 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/12/09 22:39:40 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/12/09 22:39:40 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/12/09 22:39:40 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/12/09 22:39:40 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/12/09 22:39:40 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/12/09 22:39:40 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/12/09 22:39:40 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/12/09 22:39:40 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/12/09 22:39:40 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/12/09 22:39:40 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/12/09 22:39:40 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/12/09 22:39:40 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/12/09 22:39:40 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/12/09 22:39:40 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/12/09 22:39:40 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/12/09 22:39:40 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/12/09 22:39:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/22 22:11:11 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/15 00:51:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/06/15 00:51:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/01/15 18:30:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008/09/20 05:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/22 18:27:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/22 18:27:51 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008/05/27 20:07:50 | 000,016,896 | ---- | C] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/18 21:09:07 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/11 14:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2008/04/11 14:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2008/04/11 14:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2008/04/11 14:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/04/11 14:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/04/11 14:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/04/11 14:57:38 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008/04/11 14:57:38 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008/03/04 12:25:49 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2008/03/04 11:59:35 | 000,000,796 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/04 11:59:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/03/04 11:24:13 | 000,001,356 | ---- | C] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
[2008/02/29 18:19:29 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
[2008/02/28 10:37:49 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/02/28 10:30:23 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008/02/28 10:30:23 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008/02/28 10:30:23 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008/02/28 10:30:23 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2008/02/27 16:28:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/02/27 16:28:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/27 16:28:37 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/02/27 16:28:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/22 01:21:26 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/02/22 01:21:25 | 000,000,094 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/01 01:44:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 10:26:00 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 09:38:06 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/07/31 09:30:01 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007/07/31 09:00:06 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 09:00:03 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/07/31 09:00:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/07/31 08:59:44 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/01/19 19:11:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:43 | 000,461,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 18:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 15:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 15:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/12/27 07:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 14:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 07:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 13:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/07/23 00:36:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Autodesk
[2011/06/03 20:50:10 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\BitTorrent
[2009/10/22 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DNA
[2009/10/22 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Honeywell
[2010/01/30 01:12:03 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Panasonic
[2009/06/15 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PC Suite
[2011/04/10 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PhotoScape
[2011/05/04 23:34:27 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PPStream
[2009/06/15 00:51:43 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Samsung
[2008/10/19 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WebCam Recorder
[2010/01/23 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WinFF
[2011/06/07 01:56:22 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#29
michaelg9

Posted 07 June 2011 - 04:10 PM

Trusted Helper

Malware Removal
2,949 posts

Hello,
Your logs are starting to look good

Open OTL
Click the None button on the top
Under Extra Registry select Use Safelist
Click Run Scan button.
Post the log it produces

Next:
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next:
Do you use any Garena games? If yes, can you check and tell me if they're working?

Please tell me how's your computer running at the moment, and if there are any other problems

#30
WizMaster

Posted 07 June 2011 - 10:36 PM

Member

Topic Starter
Member
85 posts

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6805

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

8/6/2011 12:28:41 PM
mbam-log-2011-06-08 (12-28-41).txt

Scan type: Quick scan
Objects scanned: 193700
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\BaiduBar.Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Baidu.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Baidu (Adware.Bdsearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
------------------------------

OTL logfile created on: 8/6/2011 12:15:48 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\acer\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.94 Gb Total Space | 58.13 Gb Free Space | 44.06% Space Free | Partition Type: NTFS
Drive D: | 88.17 Gb Total Space | 77.56 Gb Free Space | 87.96% Space Free | Partition Type: NTFS

Computer Name: S10061269 | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >
------------------------------

OTL Extras logfile created on: 8/6/2011 12:15:48 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\acer\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.94 Gb Total Space | 58.13 Gb Free Space | 44.06% Space Free | Partition Type: NTFS
Drive D: | 88.17 Gb Total Space | 77.56 Gb Free Space | 87.96% Space Free | Partition Type: NTFS

Computer Name: S10061269 | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- "" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSí???μ?êó
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS í????ó?ù?÷
"D:\ppstream\PPStream.exe" = D:\ppstream\PPStream.exe:*:Enabled:PPSí???μ?êó -- (PPStream Inc.)
"D:\ppstream\PPSAP.exe" = D:\ppstream\PPSAP.exe:*:Enabled:PPS í????ó?ù?÷ -- (PPStream Inc)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058BE480-7F08-46A3-A6E7-D9AB46C9EDD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{260DF599-453B-48DC-8701-4013BFFF7C30}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50428BB6-90AA-426C-8BF3-7125FF09F260}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60915BC1-FBEF-41C0-93BC-A1B9338E85CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BA02D78-0688-4FD4-B381-0BA6EC2E445C}" = lport=2967 | protocol=6 | dir=in | name=symantec port |
"{A0097140-A8CF-4100-A29F-039CDEBBDFAD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DAC5FB8F-BF70-4AA2-8631-FC39CDDC1596}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F22F9107-8A38-4B3B-AF0C-BD47C775DBBA}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{F72F5B61-8BA2-44F8-922A-A9A6516AB69A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092F17A6-FDDA-41D9-8B83-9C3935BF5C34}" = protocol=6 | dir=in | app=d:\ppstream\ppstream.exe |
"{0A38A114-66F4-4F40-82A8-C81F0845C429}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{180471BC-5D70-4786-8298-E54CDC1062ED}" = protocol=6 | dir=in | app=c:\program files\common files\honeywell\simstation\commutewizard.exe |
"{18FB19D8-BD8B-49F3-B19A-CFB799107847}" = protocol=17 | dir=in | app=d:\ppstream\ppsap.exe |
"{2D9CC55E-D48A-46E7-8FC3-B57C3692F0A2}" = protocol=6 | dir=in | app=c:\program files\common files\honeywell\simstation\simstation.exe |
"{36DC73FF-CFB6-4C9D-B942-6DFFDB011B1E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3987EEFF-2DDA-4C4B-8A83-64A046677E2D}" = protocol=17 | dir=in | app=c:\program files\common files\honeywell\simstation\simstation.exe |
"{3CA2DE57-6DF0-4414-A3E3-418EAD10A202}" = protocol=6 | dir=in | app=c:\users\acer\appdata\roaming\ppstream\ppsdown.exe |
"{4518B95A-113F-433D-A1EF-759CC64B9690}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"{4589C01B-6533-4231-900D-038BBAC2D183}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5B375825-545F-47B6-8DC3-4D3311ABF4B2}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"{610D4650-97C9-47CB-B8CB-7E27E3019FC0}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{65467347-4F68-47D8-B85B-49E0E09087DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{69AF6F05-5568-422A-B74D-333157110A33}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7CFEED8E-94CE-4CAE-A624-AC9456CE1FBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{835B80C4-AD8D-4388-9A0B-BEAEC9973A37}" = protocol=17 | dir=in | app=c:\program files\common files\honeywell\simstation\commutewizard.exe |
"{8C485972-A65B-42B0-B7D4-D63EC91503CD}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{9451124E-22FE-4E16-A970-B2220EAFA2AA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{9D89A5EB-A426-4330-B400-21BB61ADD939}" = protocol=6 | dir=in | app=d:\ppstream\ppsap.exe |
"{A3C3E9FA-73A2-4EF0-90CB-2CE2F8C94A9D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{AAF0E4AD-2AF8-406D-8325-E78BDA0D3472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6F5F450-6B10-447F-A7A8-8728EA7B047E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B892FB46-DD51-446D-A18A-75B98B20DE78}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{BDCB02BC-DF97-43FA-91F5-9F033D87FA50}" = protocol=17 | dir=in | app=d:\ppstream\ppstream.exe |
"{C2B68DFA-920A-40DD-966B-0F4B72563A70}" = protocol=17 | dir=in | app=c:\users\acer\appdata\roaming\ppstream\ppsdown.exe |
"{D0957564-5180-4B99-90F1-38A9F7A9B4F4}" = protocol=1 | dir=out | [email protected],-28544 |
"{DC66FAEE-ED81-46CD-B3B5-FDB22F6F4B20}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EF6BD7FC-1EF3-4052-82B3-767858A595DF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{F9F2EE14-5CD6-4727-A42B-B1C703AB141E}" = protocol=1 | dir=in | [email protected],-28543 |
"{FD96A65C-F335-4934-8D98-FDD39E324BFC}" = protocol=58 | dir=out | [email protected],-28546 |
"{FDD51C79-93A4-4FB3-9A2D-A17CD3F87F32}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{FDD61F00-1F5E-4821-B60F-C1380A5357CA}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{14A40C77-8A62-412F-907D-FD9C174C6906}C:\users\acer\desktop\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\cs\hl.exe |
"TCP Query User{35139361-76A4-4C9C-8E78-AD0CED309B5A}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{55A79992-562B-4D84-B29F-538FBF65C567}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{5AAE4E5E-00BC-4FDA-86A8-5DD8E0F59718}D:\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{5CF5EF49-44EB-4430-ACC0-F52B60A50B21}C:\users\acer\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\warcraft iii\war3.exe |
"TCP Query User{615881F4-3946-4248-B77D-C208327D2F4D}C:\users\acer\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\acer\program files\dna\btdna.exe |
"TCP Query User{723F6B8D-473A-4DB5-92E4-A36744C7852E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A1303ADD-5633-4B97-B9CD-99C59AF1B73F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A4C66A60-2373-4F91-8B8A-F17F67B1F511}C:\users\acer\desktop\warcraft iii\yawle.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\warcraft iii\yawle.exe |
"TCP Query User{ABAD1117-35D0-4760-8D1F-A29ED8E6B3D1}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B2A6A162-9BD6-40F0-A5B5-8944428513C2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C85D13FD-D8A3-4D8C-A976-C8BA99603E62}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"TCP Query User{CC26309E-6298-4AAB-8C22-2557184E512C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{D9C08F91-0BCA-4E11-8B0C-4B2E8AE9F7D5}C:\users\acer\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\acer\program files\dna\btdna.exe |
"UDP Query User{4539F627-65AD-4B0B-A768-EBECD7F5CFFD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{5B650529-2A7E-4F6F-82B2-FFFE928B514E}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"UDP Query User{5E7175D1-86BA-4B86-B4B1-274400CBFEBD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6E945110-6766-47AB-A0A8-7F87DC6FD1D9}C:\users\acer\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\acer\program files\dna\btdna.exe |
"UDP Query User{78846BF4-1DCF-4E59-AB91-746463FC0C66}D:\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{8DC896B9-7F89-4078-95E8-22C76F5CB47F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{A5454879-7AC5-4E4B-BA72-8009BCCCFE9A}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{ACDAD9A6-6912-43F4-8814-E3B8ADF5D969}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{BE76431A-96F4-4101-B1D0-D1B0A77A132E}C:\users\acer\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\acer\program files\dna\btdna.exe |
"UDP Query User{C6E434EB-7B6C-413A-85F0-B94AB12D23B7}C:\users\acer\desktop\warcraft iii\yawle.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\warcraft iii\yawle.exe |
"UDP Query User{CD0CD29B-47DD-4D19-BD1B-D2594616076A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D9B6F97A-F089-4E26-AB3F-6EEC7E4807C4}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{DBFF8090-7D18-497E-9750-F8CE42B13421}C:\users\acer\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\warcraft iii\war3.exe |
"UDP Query User{DFC0FBD6-7144-4101-B354-63115BF7F61E}C:\users\acer\desktop\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\cs\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2851123E-5786-41BE-A3F1-A9B21E499EEB}" = Altiris Task Synchronization Agent
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-5001-0409-0012-0060B0CE6BBA}" = AutoCAD 2007 - English
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E120A8C-129E-4C94-AA91-4A2ADBB6C003}" = Aspen HYSYS 2004.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983CE4AE-052A-4AD6-92ED-177DFC85DAE5}" = Warcraft III 1.22 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0A1EB01-A6FD-423A-8480-364055A7C961}" = Altiris Software Delivery Solution Agent
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4DD4EDE-6758-11D5-8225-00104BD1670F}" = Scientific Notebook 4.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{E066DE16-50F3-4A8C-953C-E67118894B2F}" = Scientific Notebook 5.5
"{E3B01D6C-DC51-4800-A83B-6AD2E7FD3276}" = Honeywell UniSim Design R380
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Garena" = Garena 2010
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"MatlabR2007a" = MATLAB R2007a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband Modem" = Mobile Broadband Modem
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"PhotoScape" = PhotoScape
"PPSGame" = PPS游戏 V1.0.1.270
"PPStream" = PPS影音 V2.7.0.1208 正式版
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"singtelRV" = SmartFix
"SmartFix" = SmartFix
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WinFF_is1" = WinFF 1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2011 8:53:34 AM | Computer Name = s10061269 | Source = EventSystem | ID = 4609
Description =

Error - 3/6/2011 8:56:40 AM | Computer Name = s10061269 | Source = EventSystem | ID = 4609
Description =

Error - 3/6/2011 8:59:05 AM | Computer Name = s10061269 | Source = EventSystem | ID = 4609
Description =

Error - 3/6/2011 9:12:37 AM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

Error - 4/6/2011 7:58:58 AM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

Error - 4/6/2011 8:42:23 AM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

Error - 6/6/2011 1:31:05 PM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

Error - 7/6/2011 1:41:03 AM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

Error - 7/6/2011 7:46:41 AM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

Error - 8/6/2011 12:13:17 AM | Computer Name = s10061269 | Source = WerSvc | ID = 5007
Description =

[ OSession Events ]
Error - 6/5/2010 11:56:29 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3279
seconds with 720 seconds of active time. This session ended with a crash.

Error - 11/5/2010 10:36:18 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/5/2010 9:14:02 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2571
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/5/2010 10:35:07 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/5/2010 10:35:37 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/5/2010 12:13:22 PM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3382
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 16/5/2010 4:13:13 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/5/2010 10:30:49 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/5/2010 12:12:02 PM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 31/5/2010 11:10:58 AM | Computer Name = s10061269 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 413
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/6/2011 1:33:51 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/6/2011 1:33:51 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/6/2011 2:21:45 AM | Computer Name = s10061269 | Source = DCOM | ID = 10010
Description =

Error - 7/6/2011 7:40:08 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7023
Description =

Error - 7/6/2011 7:40:08 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/6/2011 7:40:08 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/6/2011 12:22:50 PM | Computer Name = s10061269 | Source = DCOM | ID = 10010
Description =

Error - 8/6/2011 12:08:25 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7023
Description =

Error - 8/6/2011 12:08:25 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2011 12:08:25 AM | Computer Name = s10061269 | Source = Service Control Manager | ID = 7000
Description =

< End of report >

i dun use greana anymore.